Welcome to WebmasterWorld Guest from 18.204.48.199

Forum Moderators: coopster & jatar k & phranque

Message Too Old, No Replies

Stopping Bots on FormMail

A simple solution for ending form SPAM?

     
1:43 am on Apr 3, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 10, 2004
posts:422
votes: 0


Howdy all,

I have done some searching and can't find an answer so I guess I'll just ask, maybe someone can point me to a thread or give an answer:)

I have a number of forms that use the updated version of Matt's script for forms, it resides in my CGI BIN and is called FormMail.pl.

Lately I am getting pummeled with emails from a number of my forms and am scared that my forms might be getting used to send SPAM via BCC or some other hack.

Here is my plan:

I will create a hidden DIV with a standard name that by default is blank, if it gets filled in, I will know it was by a BOT and the form will be killed upon submit.

I know how to do the hidden DIV, what I don't know is what to put in the FormMail.pl to wipe out the form in this case....

Thanks in advance,

M

5:47 am on Apr 3, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 5, 2006
posts:536
votes: 0


the easiest thing for now is just change the name of the script from formmail.pl to some obscure name:

q2jbf8TY.pl

of course you need to update the forms action attribute as well.

the bots are looking for formmail.pl, just do that and see if it helps. If not, you need to do something a bit more drastic.

5:19 pm on Apr 3, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 10, 2004
posts:422
votes: 0


Already done, made no difference:(
6:13 pm on Apr 3, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 5, 2006
posts:536
votes: 0


I will create a hidden DIV with a standard name that by default is blank, if it gets filled in, I will know it was by a BOT and the form will be killed upon submit.

I know how to do the hidden DIV, what I don't know is what to put in the FormMail.pl to wipe out the form in this case....

assuming that the name you will be checking if filled in and assigned to $no_bots:



if ($no_bots) {
do something here
}

you could just exit the script at that point or print some data to a file to examine it later to see what the bot is filling in, get the IP address, stuff like that.

7:29 pm on Apr 3, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 10, 2004
posts:422
votes: 0


if ($no_bots) {
do something here
}

Yepper, thats the part I don't know how to do....

9:25 pm on Apr 3, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 5, 2006
posts:536
votes: 0


maybe:



if (param('required_field') {
exit;
}

where "required_field" is the name of your hidden form field that should not be filled in.

11:46 pm on Apr 3, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 10, 2004
posts:422
votes: 0


Thanks, I'll give that a shot.